Dark Reading

OAuth+XSS Attack Threatens Millions of Web Users With Account Takeover

Critical API security flaws have put millions of users at risk for account takeover, by using a modern authentication standard to resurrect a longtime vulnerability. The bugs were found in the Hotjar ...
Searchenginejournal.com

WordPress Elementor Widgets Add-On Vulnerability

The patch fixed an issue that could lead to a Stored Cross-Site Scripting exploit that allows an attacker to upload malicious files to a website server where it can be activated when a user visits the ...
Morningstar

ESET Research uncovers Operation RoundPress: Russia-aligned Sednit targets entities linked to the Ukraine war to steal confidential data

Sednit sends these XSS exploits by email; the exploits lead to the execution of malicious JavaScript code in the context of the webmail client web page running in a browser window. Therefore, only ...